Collecting Windows Event Logs, missing event Source and Event ID

Started by hkusulja, May 07, 2014, 09:20:54 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

hkusulja

May 07, 2014, 09:20:54 PM
Hi,
i have configured simple windows event logging using NetXMS agent nad XML file:

Code Select

<parser>
<file>*Application</file>
  <rules>
    <rule>
      <level>1</level>
      <match>(.*)</match>
      <event params="1">100002</event>
    </rule>
</parser>


In my Event in Event Template, with message: %1

After I do have some Alarms generation in Event Processing Policy with message %m , etc.

Question is, how can I get more data from Windows Event Log - I am missing "Source" and "Event ID" from Event Log.
Which parameter it is (I have tried %2 and %3 in my Event template but does not work), so how to pull this info into the NetXMS server also?

Thank you

pedrong

#1
May 26, 2014, 12:10:22 PM
hi hksulja, have you found an answer to your question? If so, could you share with us? Thanks!!

Victor Kirhenshtein

#2
May 26, 2014, 03:15:22 PM
Hi!

Starting with version 1.2.14 agent appends event source, event ID, and event severity to NetXMS event. Actual position depends on number of capture groups. For example, for rule defined as

Code Select

    <rule>
      <level>1</level>
      <match>(.*)</match>
      <event params="1">100002</event>
    </rule>


(with 1 capture group) source will be available as %2, event ID as %3, and severity as %4.

Best regards,
Victor
Print
Go Up Pages1
User actions